"For now, the best workaround is to ensure that Windows Update is set to “Download updates but let me choose whether to install them.”"

Unfortunately, using this setting is the same as leaving updates on Automatic for most Users. What happens is all the checked updates get downloaded in the background (including the checked optional update "Upgrade to Win 10"). An "!" appears in the Start/Shutdown button, and the updates get installed on the next shutdown/reboot. The average user (in my support experience) does not use Control Panel/Windows Update, does not know anything about settings, does not uncheck/recheck updates, does not know that options exist and can be changed. So the effect is - the User shuts down the computer and the updates get installed the same as if on Automatic.

The only safe choice is "Search for updates but let me decide whether to download and install them." But now we've thrown the average User another curve - they become responsible for the updates they know nothing about.

Microsoft has intentionally trained the average User to take the defaults in ignorance. And that is how they can get away with the evil they are doing.

Susan,
I just logged in to thank you for the most useful column I've run across in ages. I have an older Win7 PC that has been used only rarely since I switched the home mostly to Apple products. Its hardware is easily good enough to run Windows 10, so I have been intending to boot it and update it for that upgrade. However, I absolutely dreaded the task of installing all the updates from the last 18 months. I think that your tips will greatly simplify that task. Whew!
My question involves the recently-released Microsoft's recently-released "cumulative rollup pack." I've downloaded that, but I've yet to run it. At this point, would you advise just doing that, OR should I first manually install the five updates listed on the Dalai page that you referenced?

Compatibility Check not Far from Perfect, it's Horible.

A very informative article. Thank you. Now I know why a friend's PC was updating without permission. I, too, thought she had overlooked something.

Yes, the "Get Windows 10" app is supposed to check for compatibility, but it's far from perfect...

Depends on your definition of "far." If you mean light years, I agree. The compatibility check is nowhere near as comprehensive or accurate as the previous Windows Upgrade Advisors were and I made the mistake of trusting it. My advice is to check your hardware, drivers, and software before accepting Win 10, although it seems that may be harder to do now.

I have a question for Susan: My wife and I moved back to the U.S. from Switzerland last year. I had purchased my computer there several years before. It is a desktop with Win 7 Professional (American English language) pre-loaded. After unpacking our household goods here in the states, I simply swapped out my computer's 220 volt power supply for a 110 volt version, and everything has continued to function perfectly. (By the way, I have Windows Update set to notify me, and I determine which upgrades to allow.) Now, after reading this article, I am wondering what the situation is in Europe regarding forced upgrades. More important, how does Microsoft view my system? My IP address obviously identifies me as a user living in the U.S., but is my system still registered with Microsoft as a European version of Windows 7, and will they leave me alone with this forced upgrade nonesense?

In the article you mention both GWX Control Panel and Never 10 and in () it has site, but they are not linked. Also, Never 10 DOES check for the folder and gives you the opportunity to remove the Win10 upgrade folder.

I have been having issues with kb3163207. A few of my clients with Win 7 or 8 have had it fail. When they restart, it tells them that t is installing the update, after a while it says something like "update failed, undoing update" and sits there for awhile uninstalling the update before the machine finally reboots. Then a few days later they got the same thing again. Is there any known issue that might be causing this and this an important update?

As far as controlling auto-updates, as long as one keeps an eye out for that auto-checked Optional item in the WU list of items, one can always uncheck it before getting the Important/Critical ones.

However, I decided to bite the bullet the other day and allow the Win10 upgrade to my Win7 main household computer. It got the point of the first reboot, and then said it was "Installing features ... etc", and it only got as far as 32%, then hung forever. I had to hold down the power switch until it hard-powered off. Upon re-start it backed out the upgrade and I was left where I started with my Win7 system.

I tried everything I could find on this issue, i.e. switch off anti-virus before kicking off the upgrade, disconnect any and all USB connected devices, run a sfc / scannow, etc., but each time I try it still only gores as far as that 32% before hanging indefinitely. I have now created a bootable DVD using the Media Creation tool, but when the computer is booted using this disk, the only option it gave me was "Install". I was reluctant to click the button as I wasn't sure whether this was going to do a clean install (and then I'd lose all my apps, files, etc.) or give me the option of an upgrade. Note that I do have both a Full Disk Image backup and a Files backup using the ToDo EaseUS s/w.

On Auto Win10 updates, I have to wonder if Microsoft is using some past action as "permission". For example, if someone long ago "reserved" Win10 when requested, then later got concerns and didn't go ahead with the process. Is MS taking that reservation as approval? I have to wonder if they have some fall-back excuse like that.

But I fully agree. Making major changes to someones computer is something that should have explicit current permission.

I had no trouble controlling when I upgraded my machines but discovered by accident that a friends laptop had a scheduled update they where not aware of initiating. If they hadn't happen to open it for me then they would not have been aware it was about to take place and likely it would have happened the next time they booted it. ie: you have to boot the computer prior to the scheduled time to get the scheduled notice. People who use their computers only ever few days may not get a notice.

Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.

Just wondering a couple of things:

1. is there any way to tell, by KB number (or something else) what the update is about? (I noticed that certain numbers, 311xxxx, I think, seemed to apply to MS Office updates...) and
2. is there any way to list the KB numbers in numeric order, so that one can find the KB item more easily? Now one has to closely read the list, because the list is not in numeric order, and it's a frustration, to say the least, and
3. at some point in the near past you said to skip KB 3139923. I don't see it in the list currently, so I don't know what to do with it. This is not the first time that an item was held and then not followed-up on. I know it would help me (and I must assume, others) more if you made sure that any update you suggested as a HOLD was closely followed until it was safe to install and then take it off the list, altogether.

1. is there any way to tell, by KB number (or something else) what the update is about? (I noticed that certain numbers, 311xxxx, I think, seemed to apply to MS Office updates...) and
2. is there any way to list the KB numbers in numeric order, so that one can find the KB item more easily? Now one has to closely read the list, because the list is not in numeric order, and it's a frustration, to say the least, and
3. at some point in the near past you said to skip KB 3139923. I don't see it in the list currently, so I don't know what to do with it. This is not the first time that an item was held and then not followed-up on. I know it would help me (and I must assume, others) more if you made sure that any update you suggested as a HOLD was closely followed until it was safe to install and then take it off the list, altogether.

Many thanks for all of your hard work, Susan......

As to KB 3139923, this is from March and April patchwatch:

March patchwatch
Do I really need this nonsecurity fix?
Microsoft released a batch of updates a few days after March’s regular Patch Tuesday — and they’ve mostly left me scratching my head. Many make sense only if you have a Win7 virtual machine hosted in Azure, if you’re managing a network, or you’re running into various other problems fixed by the updates.
Most of us can skip these updates. But here’s the quick summary:
Windows 7
 3139923 – MSI repair fails after installing MS14-049
 3318901 – Access to Internet fails due to overwritten proxy settings
 3137061 – Azure VMs don’t recover after network outage

April patchwatch
Office updates post release issues
In the first April Patch Watch column, I noted problems with KB 3114566 (MS16-039), a security fix for Office 2010 SP2. But there are reports that other April Office updates had issues, too — in particular KB 3114888 for Excel 2010 and KB 3114993 for Word 2010 (MS16-042).
After installing those patches, launching Office apps might pop up the error “The Windows installer service could not be accessed” — if July 2015 security update KB 3072630 isn’t already installed. (I didn’t see this Office 2010 error on my systems.)
Note that a nonsecurity Office patch, KB 3114996, might show up in Windows Update in the important category. According to its notes, it too might cause Office to pop up the aforementioned error message if KB 3072630 isn’t installed.
An alternative for fixing this issue is to uninstall update KB 3139923, a nonsecurity hotfix that was released in March. With that patch removed, Office should function normally again.
What to do: Install KB 3114566 along with KB 3114888 and KB 3114993 as soon as possible, but look for unwanted side effects in Office.

"Plus, more on the issue of extremely slow Windows Update scanning on Win7 systems"

With Windows 8.1 selected updates download and install immediately once selected.
The checking of update validity and sequence can only take splits of a second.

When W7 SP1 after all the recommended updates and service stopping etc takes 4 hours or more and then does not find all important or optional downloads the proposition that W7 SP1 needs a lot of pre-checking does not seem at all plausible. Microsoft have messed this up intentionally or otherwise. After 3 days I have managed to download important updates by setting on automatic but unimportant downloads do not download even when it says they are ready to download. I cannot install any updates manually. One of my W7 Thinkpads has now got the W10 upgrade into the important update lists so I cannot use automatic, or W10 installs.

We really need a W7 SP2 to sort this whole mess out or people will just abandon trying to keep their security up to date.
Alternatively what users may prefer is a Chromebook system where Microsoft provide an up to date working OS at each boot up.

"This new process is a mixed blessing: On one hand, we’ll no longer have to manage numerous patches; on the other hand, there’ll be no way to bypass a specific problematic patch without skipping all patches in the rollup update."

And there apparently won't be any way to bypass a push-Win10 update in the rollup without foregoing the rest, either. I've studiously hidden any and all push-Win10 updates thus far and so seem to have avoided the problems with the increasingly aggressive forced upgrades. Now Microsoft seems to be moving towards a Windows 10 bundled-update methodology for the older versions as well: Take it or leave it.